resource "okta_app_saml" "mongodb_atlas" {
  # Okta catalog (preconfigured) SAML 2.0 integration for MongoDB Atlas; the
  # catalog entry is named after MongoDB Cloud Manager.
  preconfigured_app = "mongodbcloudmanager"
  label             = "MongoDB Atlas"
  status            = "ACTIVE"
  saml_version      = "2.0"

  # For a preconfigured app the SP endpoints go in via app_settings_json instead
  # of sso_url/audience. jsonencode() takes care of quoting both keys and values,
  # so plain HCL identifiers are fine on the left-hand side.
  app_settings_json = jsonencode({
    acsURL      = "https://auth.mongodb.com/sso/saml2/0oajh4dwibKWjlyIX297"
    audienceURI = "https://www.okta.com/saml2/service-provider/spkkjmwtynyziasqpvwp"
  })

  # Group claim released to Atlas. The STARTS_WITH filter means only groups named
  # "App-Atlas-*" are sent, so Atlas never learns about the user's unrelated Okta
  # groups (least privilege on the assertion). This nested-block form was kept
  # because embedding attributeStatements in the JSON above did not apply cleanly.
  attribute_statements {
    type         = "GROUP"
    name         = "memberOf"
    filter_type  = "STARTS_WITH"
    filter_value = "App-Atlas-"
  }
}
# Kept for reference only: an alternative that pushes the SP settings and attribute
# statements to the app via okta_app_saml_app_settings (JSON) rather than the nested
# attribute_statements blocks on okta_app_saml. It is commented out; the nested-block
# form on the live resource above is what is actually applied.
/*resource "okta_app_saml_app_settings" "mongodb_atlas_app_settings" {
app_id = okta_app_saml.mongodb_atlas.id
#Used when using okta_app_saml_app_settings
settings = jsonencode(
{
"acsURL" = "https://auth.mongodb.com/sso/saml2/0oajh4dwibKWjlyIX297"
"audienceURI" = "https://www.okta.com/saml2/service-provider/spkkjmwtynyziasqpvwp"
#This form did not apply cleanly, possibly because the app is preconfigured; the nested attribute_statements block on the resource is used instead.
#Why doesn't this work? It appears to be a structure problem: the enclosing (higher-level) keys have to be present as well, not just attributeStatements.
"attributeStatements" = [
{
"name" = "memberOf"
"type" = "GROUP"
"namespace" = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
"filterType" = "REGEX"
"filterValue" = ".*"
}
{
"name" = "firstName"
"type" = "EXPRESSION"
"namespace" = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
"values" = ["user.firstName"]
}
]
}
)
}*/
#Declaring a resource here mirrors the admin GUI field-for-field; the only work is mapping each GUI field to its Terraform argument name.
resource "okta_app_saml" "spacelift_saml" {
  # Custom (non-catalog) SAML 2.0 app for Spacelift. Each argument corresponds to a
  # field of the Okta admin "Create SAML Integration" wizard; the ones the wizard
  # marks as required are label, sso_url, recipient, destination,
  # authn_context_class_ref, audience, subject_name_id_template and
  # subject_name_id_format.
  label = "Spacelift"
  logo  = "./logos/spacelift.png"

  # Service-provider endpoints. Spacelift takes the same ACS URL for single sign-on,
  # recipient and destination; the audience is the SP entity ID (metadata URL).
  sso_url     = "https://oliviambrown.app.spacelift.io/saml/acs"
  recipient   = "https://oliviambrown.app.spacelift.io/saml/acs"
  destination = "https://oliviambrown.app.spacelift.io/saml/acs"
  audience    = "https://oliviambrown.app.spacelift.io/saml/metadata"

  # Subject. The doubled "$$" is the HCL escape so the literal text ${user.userName}
  # reaches Okta unevaluated and is expanded there per user.
  # NOTE(review): the emailAddress NameID format presumes user.userName is an e-mail
  # address in this org - confirm before relying on it for account matching.
  subject_name_id_template = "$${user.userName}"
  subject_name_id_format   = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  authn_context_class_ref  = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

  # Signing: the whole SAML response is signed with RSA-SHA256 and SHA-256 digests.
  # NOTE(review): assertion_signed is not set here and so takes the provider default;
  # confirm that default matches what Spacelift validates.
  response_signed     = true
  signature_algorithm = "RSA_SHA256"
  digest_algorithm    = "SHA256"

  # Attribute statements: one nested block per released attribute. The nested-block
  # form is specific to okta_app_saml; okta_app_saml_app_settings takes them as JSON.
  attribute_statements {
    name      = "FirstName"
    type      = "EXPRESSION"
    namespace = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
    values    = ["user.firstName"]
  }

  attribute_statements {
    name      = "LastName"
    type      = "EXPRESSION"
    namespace = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
    values    = ["user.lastName"]
  }

  # Group claim, named "Teams" for Spacelift's team mapping.
  # NOTE(review): the ".*" regex releases the user's entire Okta group list to
  # Spacelift, unlike the MongoDB Atlas app in this file which scopes its group
  # claim with a STARTS_WITH prefix. Narrowing this to the groups Spacelift is
  # actually meant to map limits both what the SP learns about the directory and
  # which groups can drive team membership - check the Spacelift team-mapping
  # configuration before tightening it.
  attribute_statements {
    name         = "Teams"
    type         = "GROUP"
    namespace    = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
    filter_type  = "REGEX"
    filter_value = ".*"
  }
}